Welcome to Lesson 9! After a short break for the May holidays, we continue our publications. Today we will discuss an equally interesting topic, namely - Application Control ΠΈ URL Filtering. That's what people sometimes buy Check Point for. Need to block Telegram, TeamViewer or Tor? This is what Application Control is for. In addition, we will touch on another interesting blade - Content Awarenessand discuss the importance HTTPS Inspections. But first things first!
As you remember, in lesson 7 we started discussing the Access Control policy, but so far we have only touched on the Firewall blade and played a little with NAT. Now let's add three more blades β Application Control, URL Filtering ΠΈ Content Awareness.
Application Control & URL Filtering
Why am I covering App Control and URL Filtering in the same lesson? It's not easy. In fact, it is already quite difficult to clearly distinguish between where there is an application and where there is just a website. Same facebook. What is this? Website? Yes. But it includes many micro applications. Games, videos, messages, widgets, etc. And it is desirable to manage all this. That is why App Control and URL filtering are always activated together.
Now as for the database of applications and sites. You can view them in the SmartConsole through the Object Explorer. There is a special Applications/Categories filter for this. In addition, there is a special resource - . There you can always see if there is a particular application (well, or a resource) in the checkpoint database.
There is also a service , there you can always check which "checkpoint" category a particular resource belongs to. You can even request a category change if you think it's not being defined correctly.
Otherwise, with these blades, everything is pretty obvious. Create an access list, specify the resource / application that you want to block or, on the contrary, allow. That's all. We will see this in practice a little later.
Content Awareness
I see no reason to repeat this topic in our course. I painted in great detail and showed this blade in the previous course - .
HTTPS Inspection
Similar with HTTPS inspections. I pretty well painted both the theoretical and practical part of this mechanism here - . However, HTTPS inspection is important not only for security, but also for the accuracy of identifying applications and sites. This is covered in the video tutorial below.
Video tutorial
In this tutorial, I will talk in detail about the new concept of Layers, create the simplest Facebook blocking policy, prohibit downloading executable files (using Content Awaress), and show how to enable HTTPS inspection.
Stay tuned for more and join us : )
Source: habr.com